Government, industry cooperation on security urged

Governments and industry must find a way to work together to increase security over the Internet if the so-called New Economy is to grow and flourish, stressed speakers at the opening session of the second annual meeting of the World E-Commerce Forum on last week.

"The biggest threats [to the New Economy] are still the security and privacy issues," said Dr Steve Smithson, chairman of the forum and professor at the London School of Economics.

Smithson warned that computer viruses, besides being very costly, also seriously undermine consumer confidence in the Internet.

"One really major scam and we'll be set back a number of years. I hope I'm wrong but I think we're still open to a major [online] scam," Smithson said.

The World E-Commerce Forum chairman also pointed out that "there are still some shaky sites out there", adding that poor online service for consumers last Christmas was not only bad business for individual companies, but for the New Economy as a whole.

Smithson said that there is still a "creativity, there is still a buzz on the street for e-commerce", which serves as one of the New Economy's greatest strengths, though issues such as "regulatory weakness" need to be addressed.

Risaburo Nezu, director, directorate for science, technology and industry for the Organisation for Economic Co-operation and Development (OECD), agreed with Smithson.

"Clearly there is a need for trust and confidence. Unfortunately, this is becoming rather worse," Nezu said.

Nezu used as examples the wide- spread denial-of-service attacks last February against Yahoo and among other companies, as well as recent self-spreading e-mail computer viruses to highlight the need for online security.

"Cyber crimes are going up, with the security concerns mounting. The future depends on how we deal with these concerns. We must establish awareness as cyber citizens," Nezu said.

According to Nezu, the lack of consumer confidence accounts for a slower growth in business-to-consumer online e-commerce transactions in comparison to business-to-business e-commerce. "Concern about privacy is on the rise. Three-quarters of users stop [their online transaction] when asked for their credit card number because they are not confident of security on the network or server," Nezu said.

The way forward is for governments to come to agreements over security standards between themselves. "Standards can be different globally as long as some type of interoperability globally [through agreements] is assured," Nezu said.

Furthermore, governments need to "establish a mechanism for a systematic response to cyber attacks" as well as a way to "collectively teach ethics for cyber citizens" in schools and through community organisations, Nezu said.

According to Nezu, the OECD will "keep an eye" on regulations from OECD member countries concerning cryptography, authentication and digital signatures, privacy protection and consumer protection and will analyse the effectiveness of those regulations.

The OECD then plans to "examine the effectiveness of codes of conduct (CoC) by the private sector", and is currently conducting a questionnaire survey to see how those codes of conduct are working. Furthermore, though there are already more than 30 alternative dispute resolution mechanisms, the OECD is looking "at various systems to try and see what needs to be done to make them work more effectively", Nezu said.

Nezu conceded that it will be very difficult to get companies to share information with other companies as well as governments in order to establish preventative measures against such things as denial of service attacks.

"The OECD has no idea right now about how ready or not companies are against cyber attacks. We still need more education and understanding about sharing information," Nezu said.

Peter Sommer, a visiting research fellow with the Computer Security Research Centre at the London School of Economics, agreed with both OECD's Nezu and World E-Commerce Forum chairman Smithson that governments had a role to play in establishing online security, but that it is a limited one.

"Governments can encourage and support and can engage in certain activities like certification of products and systems. It can also have some role in law and law enforcement," though there are limits to what governments can do through laws and regulations, Sommer said.

The UK government, like any other government, must figure out how to allocate resources and how to train police. Furthermore, governments always need to look at "the costs of investigations versus the chance of success and likely punishment. The big debate really is how you control and audit new powers," Sommer said.

But another issue is whether society as a whole wants an international high-tech crime squad, Sommer added.

Sommer said he believes that international cyber-crime treaties are a much more achievable goal. "Treaties could achieve a harmonisation of terminology and of principle, of evidence collection and preservation. They could also achieve agreement on principles of cooperation," Sommer said.

World E-c\Commerce Forum:


London School of Economics:

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

More about Amazon.comOECDYahoo

Show Comments